in modules/core/src/main/scala/org/scalasteward/core/io/ProcessAlg.scala [30:86]
def exec(
command: Nel[String],
workingDirectory: File,
extraEnv: List[(String, String)] = Nil,
slurpOptions: SlurpOptions = Set.empty
): F[List[String]] =
execImpl(toArgs(command, workingDirectory, extraEnv, slurpOptions))
def execSandboxed(
command: Nel[String],
workingDirectory: File,
extraEnv: List[(String, String)] = Nil,
slurpOptions: SlurpOptions = Set.empty
): F[List[String]] =
execImpl(toSandboxArgs(command, workingDirectory, extraEnv, slurpOptions))
def execMaybeSandboxed(sandboxed: Boolean)(
command: Nel[String],
workingDirectory: File,
extraEnv: List[(String, String)] = Nil,
slurpOptions: SlurpOptions = Set.empty
): F[List[String]] =
if (sandboxed) execSandboxed(command, workingDirectory, extraEnv, slurpOptions)
else exec(command, workingDirectory, extraEnv, slurpOptions)
private val configEnv: List[(String, String)] = config.envVars.map(v => (v.name, v.value))
private def toArgs(
command: Nel[String],
workingDirectory: File,
extraEnv: List[(String, String)],
slurpOptions: SlurpOptions
): Args =
Args(command, Some(workingDirectory), extraEnv ++ configEnv, slurpOptions)
private def toSandboxArgs(
command: Nel[String],
workingDirectory: File,
extraEnv: List[(String, String)],
slurpOptions: SlurpOptions
): Args =
if (config.sandboxCfg.enableSandbox) {
val whitelisted = (workingDirectory.toString :: config.sandboxCfg.whitelistedDirectories)
.map(dir => s"--whitelist=$dir")
val readOnly = config.sandboxCfg.readOnlyDirectories
.map(dir => s"--read-only=$dir")
val envVars = (extraEnv ++ configEnv)
.map { case (k, v) => s"--env=$k=$v" }
val firejail = Nel("firejail", "--quiet" :: whitelisted ++ readOnly ++ envVars) ::: command
Args(
command = firejail,
workingDirectory = Some(workingDirectory),
slurpOptions = slurpOptions ++ Set(SlurpOption.ClearEnvironment)
)
} else {
toArgs(command, workingDirectory, extraEnv, slurpOptions)
}